Spam Slayer: Do You Speak Spam?

Tip of the Week

An extreme volume of spam calls for extreme measures. You can create a "Safe Mail" folder in Outlook Express as an effective spam filter. Right-click on Local Folders and select New Folder. Next select Tools, Create Rules from Message and pair your address book and any other trusted e-mail address with your Safe Mail folder. In theory, spam will never make it into your Safe Mail folder--only messages from senders in your address book. This also works with Outlook, Netscape, and various other e-mail programs. (Thank you, Kyle, for this user-submitted tip. Keep them coming.)

Send gripes, questions, and tips for the spam wars to spamwatch@pcworld.com. Return to the Spam Watch page for more articles.

The language of spam can sound like Klingon to the uninitiated. But unlike with Star Trek, knowing the definitions can make fighting junk e-mail a whole lot easier.

Following are the spam basics. You'll find enough to get started toward understanding spam and how to fight it.

Spam: People commonly refer to unsolicited commercial e-mail as spam. According to Internet lore, the term originates with a Monty Python skit where the comedy team sings a redundant, useless song: "Spam, spam, lovely spam, lovely spam." (Senator Patrick Leahy invoked the reference when speaking for S. 877, the federal antispam bill.)

Unsolicited commercial e-mail shares the same relentless repetition. Hormel, maker of the lunch meat Spam, is somewhat nonplussed at its unintended fame.

The solution to the onslaught is in a variety of free and fee downloads that can help limit your daily spam intake.

False Positive: This occurs when a spam filter mistakes wanted e-mail for spam and blocks it from you.

The solution to a false positive remains spam filters, although they aren't perfect. For that reason, it's good to keep tabs on what is being blocked. Check any "spam" folder that corrals all your junk e-mail. You can also update your e-mail filters not to block the messages you want to receive.

Bayesian Filter: This is a popular type of e-mail filter based on a mathematical theorem named for 18th-century British minister and mathematician Thomas Bayes. It determines the likelihood that an e-mail message is spam by assigning values to the words in the message and calculating the probability that it is spam. The word Viagra scores high, and so does home (as in work from home). If an e-mail message racks up enough Bayesian points, the filter blocks it.

A number of free Bayesian spam filters are available. Several browser-based e-mail clients also use Bayesian filters, including Netscape and Mozilla. A chief advantage of Bayesian filters is that they are easily trained to watch for users' preferences.

Honey Pot: These are decoy e-mail accounts designed to attract spam. Spam filter writers use them to more easily spot the latest junk e-mail trends and devise ways to outsmart spammers.

Spam filtering firm Brightmail says it has 2 million decoy accounts that get 25 million junk e-mail messages each day. By getting pummeled by spam, Brightmail can better protect ISPs that use its service, the company says.

Dictionary Attack: When spammers need fresh victims, they turn to software that automatically generates likely e-mail addresses. The program combines letters and numbers in an attempt to find active e-mail addresses.

The solution is to be creative: When you pick an e-mail address, don't use a name that is easy to guess. Choose an unlikely combination of number and letters. Also, the longer your user name, the harder it is for software to guess.

Harvesting: Another way spammers gather e-mail addresses is by harvesting them--running a software program that trolls chat rooms, Internet postings, Usenet discussion groups, and other online sources for e-mail addresses.

To avoid being a victim of harvesters, use a disposable e-mail address for public consumption. When you post, don't use your primary e-mail address--use one you don't care about. Yahoo has launched a premium spam-fighting service, Yahoo Mail Plus, with a feature called AddressGuard that lets you create up to 500 separate e-mail accounts. If one address starts getting too much spam, just delete the account and move to another one.

You can also trick harvesters by embedding a message into your e-mail address. For example, if your e-mail address is johndoe99@isp.com, you might want to post your e-mail address as johndoe99(at)isp.com, or johndoe99@nospam.isp.com.

Click-Through Rates: This refers to the number of recipients who actually open a spam message and click on the contained link. It can also apply to the number of times a spam recipient clicks on links at destination Web sites. Spammers are often paid based on how many Web pages they can trick you into viewing.

To avoid feeding the click-through rate, don't become an unwitting participant in this spam technique. Try not to open spam before deleting it, and don't click on links inside spam messages.

Phishing: Possibly the only thing worse than a spammer is an unscrupulous spammer. Sometimes called "phishers," because they are fishing for victims, they try to con people out of personal information like credit card numbers and bank security codes. They defraud most victims by setting up Web sites designed to look like those run by legitimate companies.

The etymology behind the term phishing is rooted in the same hacker slang as phreaking (hacking a telephone system). It's believed by substituting the ph for the f in fishing, hackers could swap scam tips initially without attracting attention.

To avoid being phish bait, always be suspicious of e-mail asking for personal information. When in doubt, directly contact the company that is allegedly asking, try to confirm the correspondence, and find out whether the e-mail or Web site link is legit. Report phishing scammers to your ISP and the Federal Trade Commission's task force on identity theft.

Spam filtering firm MailFrontier recently updated its $30 Matador spam filter to identify phisher spam and automatically report it to the FTC.

Trojan Horse: This malicious software program is made to look innocent, much like the Greeks' creation centuries ago of the original Trojan Horse. Spam victims have complained of recent Trojan horse e-mail messages pretending to be Microsoft software patches. If you were unfortunate enough to double-click the bogus patch file attachment, you were likely bitten by the W32.Swen.A@mm worm. Among other nasty tricks, the worm disables your antivirus software and e-mails itself to anyone in your address book.

To avoid Trojan horses, always scan attachments with your antivirus software before launching a program or double-clicking an attachment from within an e-mail message. Also, keep your antivirus software up-to-date with the latest definitions.

Opt In: Online sweepstakes, newsletters, and Web site registration forms often ask for more than your e-mail address in exchange for their giveaways. Often the fine print specifies that you are agreeing to receive e-mail offers from marketing partners. Clicking to accept these terms is called opt-in marketing. You may quickly find out that the service you signed up with has many "marketing partners."

To avoid signing up for spam, register for sites and enter contests using disposable e-mail addresses. Be leery of check boxes. If you start getting spam from a company you trust, you can choose to opt out of receiving more.

However, beware of spam that offers an "opt-out" option. Disreputable junk e-mailers offer this option only as a way to confirm your e-mail address is valid.

Q&A

Q. Doesn't spam slow the entire Internet?

--Eldon W.

A. According to experts at the Internet Engineering Task Force, an Internet standards group, the answer is no. Despite high volumes of spam, it's not doing anything particularly harmful to the Internet.

However, hackers can cripple a network using an e-mail-based distributed denial-of-service attack in which PCs are directed to simultaneously transmit useless traffic to servers. DDoS attacks blast servers with more data than they can handle, which can cause servers to overload or crash and networks to clog with traffic.

EarthLink says spam on its e-mail network doesn't slow the process of sending and receiving e-mail. Spam can slow down the e-mail experience of checking and reading legitimate e-mail.

Subscribe to the Daily Downloads Newsletter

Comments